fbpx

I am a Medibank customer. Am I affected by the cyber-attack? What can I do to protect myself? | Cybercrime

Millions of Medibank’s current and former customers have had their personal information, including health claims, exposed in a hack of the company’s customer database.

Here’s what we know so far, and what you can do.

Am I affected?

If you are a customer of Medibank or its subsidiary ahm, or are an international student with Medibank, or you have been a customer within the last seven years, it’s likely your data has been exposed in the breach.

If you are a current or former customer of Medibank you’ve likely already received an email advising you about the hack itself. Medibank has also sent follow-up emails to customers whose data was included in a sample of records received from the hacker.

On Wednesday the company said the hacker had access to all customer accounts, but could not say how many people actually had their data taken.

Medibank has also said former customers have been included in the records received so far, as the company is required to keep customer information for seven years under state and territory laws.

What personal information has been compromised?

Medibank has determined the hacker was able to obtain the following information for all customers, including Medibank, ahm and international student customers:

Of these, the date of birth, address, Medicare card numbers and health claims would be of most concern for potential identity theft or extortion attempts if the data was eventually posted online or sold to someone else.

The amount and type of data may change, however. In a call with investors on Wednesday, the chief executive of Medibank, David Koczkar, said the company has not yet finalised its investigation into what data has been taken.

What can I do about personal identification information being exposed?

Similar to the response to the Optus data breach, experts suggest not rushing out and changing everything. People should always seek to use strong passwords and multifactor authentication on their online accounts – not just with Medibank.

Sign up to Guardian Australia’s Morning Mail

Our Australian morning briefing email breaks down the key national and international stories of the day and why they matter

Privacy Notice: Newsletters may contain info about charities, online ads, and content funded by outside parties. For more information see our Privacy Policy. We use Google reCaptcha to protect our website and the Google Privacy Policy and Terms of Service apply.

They can also advise their bank and other financial institutions to put in place additional security checks for their accounts (particularly for over-the-phone transactions).

For compromised Medicare numbers, Medibank has not yet advised how many or which customers are affected.

What can I do about my personal medical information being breached?

Unfortunately, at this stage, not a lot. We don’t know yet whether the hacker will do anything with it, though they have reportedly previously threatened to release the health claims of high-profile people as part of their demands to Medibank.

What will Medibank do for affected customers?

There will be a support package for affected customers, including:

  • Financial support for customers who “are in a uniquely vulnerable position” as a result of the hack, who will be supported on an individual basis.

  • Access to Medibank’s health and wellbeing support line.

  • Specialist ID protection services from IDCARE.

  • Identity monitoring services for customers who have had their primary ID compromised.

  • Reimbursement of fees for reissue of ID documents that were “fully compromised” in the hack.

Is the government doing anything?

Federal government agencies including the Australian federal police are investigating the hack. The government response to the Medibank hack has been more muted than its response to the Optus data breach.

However, legislation was introduced into parliament on Wednesday changing privacy law to impose harsher penalties of up to $50m for serious or repeated data breaches.

Source link

Josh Taylor